Payments Association of SA (Pasa) CEO Walter Volke said on Friday there was no need for "undue concern" by cardholders.
"There are indications at this stage that only a limited number of card details have been accessed by outside organisations, and as a result limited fraud has been perpetrated," he said.
He said card-users needed to report suspicious account transactions to their banks.
Pasa discovered the breach earlier in the week.
The company which processed the online transactions "serves a number of large online merchants", it said.
"The card data emanating from these online transactions seems to have been stored in a manner which does not meet the stringent security standards expected by Pasa, the international card schemes and the banks," Volker said.
"Pasa has been working with the banks and the card schemes to implement immediate measures to block the potential exposure of the card data.
"Should fraudulent transactions be perpetrated on any of these cards as a result of the data compromise, cardholders would not be exposed to any losses—as is the case under normal circumstances," he said. Sapa – Sapa. .